Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/x7_FxhkbTYN5vctwser8mjD2ksM.roa
File:                     x7_FxhkbTYN5vctwser8mjD2ksM.roa (raw, json)
Hash identifier:          ixjMxfKrpLttKGHb7XcPwDYsOccvZHh4HS3oHHcw4V8=
Subject key identifier:   C7:BF:C5:C6:19:1B:4D:83:79:BD:CB:70:B1:EA:FC:9A:30:F6:92:C3
Certificate issuer:       /CN=351a14ce9d25239b92fe5abce532515044c1aba4
Certificate serial:       018CC3B71C261682E2D4BE587EF7988E1710
Authority key identifier: 35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/x7_FxhkbTYN5vctwser8mjD2ksM.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39511
IP address blocks:        2a05:91c3:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1c:26:16:82:e2:d4:be:58:7e:f7:98:8e:17:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a14ce9d25239b92fe5abce532515044c1aba4
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7bfc5c6191b4d8379bdcb70b1eafc9a30f692c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:01:ad:40:c9:d6:87:c6:15:2a:5a:36:b8:9d:
                    6f:fa:ec:4c:af:0e:0a:76:2d:f8:29:08:b6:00:9b:
                    58:71:79:ca:fa:bc:db:a4:6d:d6:15:2d:7b:f2:8d:
                    01:d2:80:de:58:ff:af:53:68:1e:6d:28:e0:f5:ee:
                    6f:d7:ea:31:33:a2:a0:9d:57:3b:2c:f7:ce:2a:73:
                    9c:ad:29:c6:51:90:18:e4:3e:f4:91:23:eb:16:c5:
                    fc:ce:ce:4a:70:ed:2f:d1:66:1f:07:bc:89:69:98:
                    71:84:aa:d0:5f:bc:11:50:10:e5:90:7e:d3:01:c6:
                    11:6f:f5:91:14:a4:85:20:8e:27:00:42:d3:ae:33:
                    08:56:fe:8b:d2:fd:2f:e0:27:c2:be:f4:6f:1d:4d:
                    3b:ae:8d:0d:a1:3c:d5:55:d2:fc:5b:6b:49:8b:22:
                    a7:b0:b5:65:0b:7a:7f:b2:ac:f4:c3:0a:87:95:f7:
                    1e:74:d4:01:72:54:24:a1:4d:51:85:74:a2:a0:5f:
                    97:87:a5:99:60:99:e9:3e:d1:96:7c:20:5d:35:c7:
                    8c:fe:7b:23:a4:35:72:05:7b:97:c8:26:ee:a4:9d:
                    8c:bf:a7:79:0b:8e:2d:23:ff:8b:df:94:dd:4b:4f:
                    6d:d0:9a:ca:41:8e:3c:7f:d1:29:55:44:22:6b:0a:
                    5b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BF:C5:C6:19:1B:4D:83:79:BD:CB:70:B1:EA:FC:9A:30:F6:92:C3
            X509v3 Authority Key Identifier:
                keyid:35:1A:14:CE:9D:25:23:9B:92:FE:5A:BC:E5:32:51:50:44:C1:AB:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRoUzp0lI5uS_lq85TJRUETBq6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/x7_FxhkbTYN5vctwser8mjD2ksM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3e2165-3bb5-45c3-989a-2953894b1f6d/1/NRoUzp0lI5uS_lq85TJRUETBq6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:91c3:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:5a:c1:4f:ac:77:a7:6f:41:93:25:b2:27:2c:7b:0a:af:8c:
         17:9f:e6:b2:08:4f:df:b8:22:72:b8:4a:94:d0:eb:10:e8:f5:
         f6:bf:94:ed:72:74:eb:ae:c4:e3:9b:b2:ec:64:77:7a:f1:7f:
         8d:80:c8:e4:82:e4:c1:d2:7f:41:9b:0c:a6:92:fc:9e:52:2d:
         66:c4:d6:57:1e:f4:01:ba:b3:d0:81:e4:56:f5:40:d9:6a:fd:
         f1:d1:2b:83:d8:73:50:28:a8:f1:86:c7:9d:7b:e0:fe:9c:0b:
         b5:7b:d9:3f:40:ed:b4:a0:81:4a:8f:a7:38:ee:f1:23:87:84:
         d6:2b:56:7f:cf:59:1e:ff:fe:47:cb:93:70:d6:0b:03:53:43:
         34:e7:2b:72:b7:cd:85:b3:c7:c3:8e:7c:42:81:27:a0:d1:e3:
         08:bb:e6:58:0c:cd:54:f6:1b:2e:0a:3a:2e:ab:98:ff:a0:af:
         bc:96:84:10:95:d1:c5:a6:f4:f7:95:b4:0e:6b:b3:df:a6:1f:
         c3:98:91:40:25:89:39:1b:f8:6b:4c:52:8c:19:f7:f1:25:bd:
         33:a3:98:8a:6c:47:84:25:34:1c:5b:81:b7:64:be:8b:c5:d3:
         5e:c6:ee:00:34:35:f4:be:48:b4:7b:d4:33:10:c7:a0:03:fd:
         10:51:4d:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDtxwmFoLi1L5YfveYjhcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWExNGNlOWQyNTIzOWI5MmZlNWFiY2U1MzI1MTUwNDRj
MWFiYTQwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2JmYzVjNjE5MWI0ZDgzNzliZGNiNzBiMWVhZmM5YTMwZjY5MmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngGtQMnWh8YVKlo2uJ1v+uxMrw4K
di34KQi2AJtYcXnK+rzbpG3WFS178o0B0oDeWP+vU2gebSjg9e5v1+oxM6KgnVc7
LPfOKnOcrSnGUZAY5D70kSPrFsX8zs5KcO0v0WYfB7yJaZhxhKrQX7wRUBDlkH7T
AcYRb/WRFKSFII4nAELTrjMIVv6L0v0v4CfCvvRvHU07ro0NoTzVVdL8W2tJiyKn
sLVlC3p/sqz0wwqHlfcedNQBclQkoU1RhXSioF+Xh6WZYJnpPtGWfCBdNceM/nsj
pDVyBXuXyCbupJ2Mv6d5C44tI/+L35TdS09t0JrKQY48f9EpVUQiawpb8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMe/xcYZG02Deb3LcLHq/Jow9pLDMB8GA1UdIwQY
MBaAFDUaFM6dJSObkv5avOUyUVBEwaukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEt
Mjk1Mzg5NGIxZjZkLzEveDdfRnhoa2JUWU41dmN0d3NlcjhtakQya3NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zZTIxNjUtM2JiNS00NWMzLTk4OWEtMjk1Mzg5NGIxZjZk
LzEvTlJvVXpwMGxJNXVTX2xxODVUSlJVRVRCcTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWRwwAB
MA0GCSqGSIb3DQEBCwUAA4IBAQB8WsFPrHenb0GTJbInLHsKr4wXn+ayCE/fuCJy
uEqU0OsQ6PX2v5TtcnTrrsTjm7LsZHd68X+NgMjkguTB0n9BmwymkvyeUi1mxNZX
HvQBurPQgeRW9UDZav3x0SuD2HNQKKjxhsede+D+nAu1e9k/QO20oIFKj6c47vEj
h4TWK1Z/z1ke//5Hy5Nw1gsDU0M05ytyt82Fs8fDjnxCgSeg0eMIu+ZYDM1U9hsu
Cjouq5j/oK+8loQQldHFpvT3lbQOa7Pfph/DmJFAJYk5G/hrTFKMGffxJb0zo5iK
bEeEJTQcW4G3ZL6LxdNexu4ANDX0vki0e9QzEMegA/0QUU11
-----END CERTIFICATE-----